TIPS Clarification regards Traveling Man on 13-13.

phonebuff

Guru
Joined
Feb 7, 2008
Messages
893
Reaction score
61
Working on research on a number of minor nuisances on a new install. See email on badbots.

Anyway, one thing I noticed was the following was not part of my Asterisk Cron tab.

Code:
# be sure to issue iptables-restart nightly in /etc/crontab like this:
# 15 0 * * * root /usr/local/sbin/iptables-restart >/dev/null 2>&1
Think I misread something and just did not add it or ipchecker, but since I know @ward did a lot of work on this I am wondering if I misunderstood something and I am looking in the wrong place.

/var/spool/cron/asterisk
Code:
*/15 * * * * /usr/sbin/fwconsole userman --syncall -q
* * * * * [ -x /var/www/html/admin/modules/dashboard/scheduler.php ] && /var/www/html/admin/modules/dashboard/scheduler.php > /dev/null 2>&1
0 * * * * /var/lib/asterisk/bin/freepbx-cron-scheduler.php
50 * * * * /usr/local/sbin/fwconsole util cleanplaybackcache -q
* * * * * [ -x /var/lib/asterisk/bin/schedtc.php ] && /var/lib/asterisk/bin/schedtc.php
 

phonebuff

Answering some of my own questions ---

So I found the entries in /etc/crontab --

Code:
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/
# For details see man 4 crontabs
# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name command to be executed
15 0 * * * root /usr/local/sbin/iptables-restart >/dev/null 2>&1
*/10 5-22 * * * root /root/ipchecker > /dev/null 2>&1
2 0 * * * root rm /tmp/*.sln >/dev/null 2>&1
and "service crond status" shows it's running
crond (pid 1615) is running...

But what's it run under in this environment, as 'crontab -l' indicates it's not running?
[email protected]:/etc $ crontab -l
no crontab for root

And if I su to asterisk it picks up the file from /var/spool/cron/asterisk
Code:
[[email protected] ~]$ crontab -l
*/15 * * * * /usr/sbin/fwconsole userman --syncall -q
* * * * * [ -x /var/www/html/admin/modules/dashboard/scheduler.php ] && /var/www/html/admin/modules/dashboard/scheduler.php > /dev/null 2>&1
0 * * * * /var/lib/asterisk/bin/freepbx-cron-scheduler.php
50 * * * * /usr/local/sbin/fwconsole util cleanplaybackcache -q
* * * * * [ -x /var/lib/asterisk/bin/schedtc.php ] && /var/lib/asterisk/bin/schedtc.php
TIA --
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,082
Reaction score
2,601
Runs under crontab's internal account, I think. That's why you have to specify the user in /etc/crontab entries.
 

phonebuff

So in addition to the questions I have raised in the other thread regarding stops and starts -

https://pbxinaflash.com/community/threads/ipbx13-13-fail2ban-stops-and-starts-a-lot.22582/#post-137428

I have another quandary -- When I do an add-fqdn for SIP UDP why do only the SIP udp dpts:5060-5069 get defined. Should not there also be a line for rtp along the lines of this?

Code:
 # RTP - the media stream
 # (related to the port range in /etc/asterisk/rtp.conf)
 iptables -A INPUT -p udp -m udp -s travelingman.dyndns.org --dport 10000:20000 -j ACCEPT
 

wardmundy

IPtables figures out the RTP ports on its own. You only get an RTP connection after an already established SIP connection.
 

phonebuff

Actually, at least for older ATAs it does not --

This was solved when I moved the add_fqdn to a 0 (ALL) from that ip address.

Will have to go back and set up the appropriate RTP Ports so I can restrict it back to SIP UDP / RTP only from that site.
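
For the case in the last post, where the media stream needs its own rule: an added example (not part of the thread and not the add-fqdn script's own code) that reads rtpstart/rtpend from rtp.conf and prints source-restricted SIP and RTP rules in the form quoted above. The function names and the sample rtp.conf are constructed for illustration; the script prints the rules and does not apply them.

```shell
#!/bin/sh
# Added example, not the add-fqdn script: print (not apply) iptables rules that
# admit SIP and RTP from one trusted source, with the RTP range read from rtp.conf.

# rtp_range FILE -> prints "START:END"; fails if the range is missing or invalid.
rtp_range() {
    awk -F= '
        { sub(/;.*/, ""); gsub(/[ \t\r]/, "") }   # drop ; comments and whitespace
        $1 == "rtpstart" { s = $2 }
        $1 == "rtpend"   { e = $2 }
        END {
            if (s !~ /^[0-9]+$/ || e !~ /^[0-9]+$/) exit 1
            if (s + 0 < 1 || s + 0 > e + 0 || e + 0 > 65535) exit 1
            print s ":" e
        }' "$1"
}

# restricted_rules SOURCE FILE -> prints one SIP rule and one RTP rule.
restricted_rules() {
    src=$1
    # Refuse anything that is not a plain host name, address or CIDR, so the
    # printed lines are safe to review and paste.
    case $src in
        ''|-*|*[!A-Za-z0-9.:/-]*) echo "bad source: $src" >&2; return 1 ;;
    esac
    range=$(rtp_range "$2") || { echo "no valid RTP range in $2" >&2; return 1; }
    # SIP signalling: the 5060-5069 range mentioned in the thread.
    echo "iptables -A INPUT -p udp -m udp -s $src --dport 5060:5069 -j ACCEPT"
    # RTP media: same rule form as posted in the thread, range from rtp.conf.
    echo "iptables -A INPUT -p udp -m udp -s $src --dport $range -j ACCEPT"
}

# Constructed stand-in for /etc/asterisk/rtp.conf (not taken from the thread).
sample_conf() {
    cat <<'EOF'
[general]
rtpstart=10000   ; first media port
rtpend = 20000
;rtpend=30000
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
restricted_rules travelingman.dyndns.org "$tmp"
rm -f "$tmp"
```

iptables resolves a host name given to -s once, when the rule is inserted, so a dynamic-DNS source only follows an address change when the rules are reloaded.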
 
